JIPS, 2009 (Q1 - Q4)

VOL. 5, No. 1, 2009

Editorial Preface: Protecting Information

Chuleeporn Changchit, Texas A&M University – Corpus Christi, chuleeporn.changchit@tamucc.edu

This is the first issue of the Journal of Information Privacy & Security (JIPS) for the
year of 2009. This issue includes three articles, one interview, and one book review.
With the sudden increase in computer and Internet usage, lots of data is exchanged on
everyday activities, leading to more concerns about what can go wrong with sensitive
information. The articles in this issue investigate drivers for investments in security
as well as discuss the system development and strategies that could be used to protect
information and increase the level of security.

ARTICLES:

Business and Security Executives Views of Information Security Investment Drivers:
Results from a Delphi Study

Alice M. Johnson, North Carolina A&T State University – Greensboro, USA, amjohns1@ncat.edu

ABSTRACT

A Delphi study used two expert panels of 24 CEOs and 22 security executives to
identify and rank factors that motivated organizations to invest in information
security. Both panels agreed that legal and regulatory compliances were the most
important drivers. However, their different perspectives about other drivers,
particularly the extent to which information security provided a competitive
advantage, implied that business executives were more likely than security executives
to view information security as a cost center rather than a business enabler, thus the
author suggested a greater need for technology executives to help business executives
better understand how information security investments could provide competitive
advantage. In general, the study highlighted the need for more dialogue and
information sharing between security executives, who are responsible for designing
the organization’s security infrastructure, and business executives who must allocate
the funds to support that infrastructure.

Development of a Mobile Commerce Security Analysis Method

June Wei (contact author), University of West Florida, USA, jwei@uwf.edu
Ant Ozok, UMBC, USA, ozok@umbc.edu

ABSTRACT

The objective of this study is to develop a mobile commerce security analysis method
for determining mobile commerce security requirements and provide suggestions to
m-commerce security system development. Two phases were used to achieve this
objective. The first phase developed a Mobile Commerce Security Analysis (MCSA)
model. In the second phase, the Mobile Commerce Security Analysis Questionnaire
(MCSAQ) was developed from the MCSA model. The MCSAQ is developed to
quantitatively measure mobile commerce security attributes in the MCSA model.
Data on mobile commerce security attributes for 15 m-commerce tasks were
collected using the MCSAQ with subject matter experts. Factor analysis conducted
on the survey data resulted in the identification of six mobile commerce security
dimensions. The quantification of m-commerce security requirement ratings and
possible identification of m-commerce security dimensions would offer potential
utility over a range of several practical applications to improve the efficiency of m-commerce
security performance. The reliable and valid m-commerce security
performance analysis method quantitatively captures broader aspects of m-commerce
security performance than previous research. The development of the
taxonomy of m-commerce security requirements could provide structure and
continuity to many research findings to both the conceptual and practical aspects of
m-commerce task performance.

Information Protection at Telecommunications Firms: Human Resource Management Strategies and their Impact on Organizational Justice

William H. Ross, University of Wisconsin – La Crosse, USA, ross.will@uwlax.edu
Christopher J. Meyer, Baylor University, USA, Christopher_Meyer@baylor.edu
Jeng-Chung V. Chen, National Cheng Kung University, TAIWAN, victor@mail.ncku.edu.tw
Paul Keaton, University of Wisconsin – La Crosse, USA, keaton.paul@uwlax.edu

ABSTRACT

The growth of the wireless telecommunications industry demands increased
information security. Because security breaches often involve current employees,
Human Resource (HR) departments can play a role in data security. As HR managers
integrate information security considerations with strategies involving areas such as
selection, training, electronic performance monitoring, and performance appraisal
design, they must be mindful of organizational justice considerations. HR strategies
designed to enhance data security impact employee beliefs about distributive,
procedural, interpersonal, and informational justice; these beliefs must be explicitly
considered as such strategies are implemented. A conceptual model is offered to help
managers identify key variables as they formulate policies in this area.

Expert Opinion

Interview with: Anne Scrivener Agee, Vice Provost for IT and CIO, University of Massachusetts - Boston
On Security and Privacy Issues facing the University

Conducted by Alberta Tai and R. Ayyagari, University of Massachusetts - Boston, jie.tai001@umb.edu and r.ayyagari@umb.edu

Book Review

Online Consumer Protection: Theories of Human Relativism

Kuanchin Chen and Adam Fadlalla, Information Science Reference, ISBN 978-160566012-7

Reviewed by Chuleeporn Changchit, Texas A&M University – Corpus Christi, chuleeporn.changchit@tamucc.edu

This well written and well organized book aims at promoting research and practice in
online privacy, threats assessment, and privacy invasion prevention. The book also
offers a better understanding on human issues and the development of online privacy
education and legislation.

VOL. 5, No. 2, 2009

Editorial Preface: IT Security Perceptions & Tools

Chuleeporn Changchit, Texas A&M University – Corpus Christi, chuleeporn.changchit@tamucc.edu

In this issue of the Journal of Information Privacy & Security (JIPS), three
articles, one expert opinion, and one book review are included. The articles in this
issue present the continuous exploration of researchers in studying the many unsettled
questions within the information security and privacy fields. The focuses of the
authors collide in investigating matters of security, from its concerns of human
perceptions to e-services, the dynamics of Internet hacking adoption, and furthermore
the proposal of an IT tool for IT security management. In general these topics prove to
be imminent to the everyday interactions of our lives with today’s technology and the
contributions from them expand the means of understanding our own perceptions to
the use of e-services and beyond.

ARTICLES:

Examining the Impact of E-privacy Risk Concerns on Citizens' Intentions to Use E-government Services: An Oman Perspective

Dhiyab Al Abri, Murdoch University – Murdoch, WA, Australia, d.alabri@murdoch.edu.au
Tanya McGill, Murdoch University – Murdoch, WA, Australia, t.mcgill@murdoch.edu.au
Michael Dixon, Murdoch University – Murdoch, WA, Australia, m.dixon@murdoch.edu.au

ABSTRACT

The risks associated with online transactions influencing the use of e-services and e-government
services include e-privacy concerns. This study has examined the impact
of e-privacy risk concerns on the acceptance of e-government services in Oman using
an integrated model. The model is based on Liu, Marchewka, Lu, and Yu’s (2005)
privacy-trust-behavioral intention model, the broader technology acceptance
literature, and recent work on e-privacy awareness and protection. Data was
collected by questionnaire from Omani citizens. The model was then tested using PLS.
The study found that e-privacy risk concerns and perceptions of the protection
available against risks influence citizens’ intentions to use e-government services via
their influence on the perceived trustworthiness of these services. Thus
trustworthiness is a factor that could be an obstacle to successful e-government
services project implementation.

Introducing the Information Technology Security Essential Body of Knowledge Framework

Wm. Arthur Conklin, University of Houston – Houston, USA, waconklin@uh.edu
Alexander McLeod, University of Nevada – Reno, USA, amcleod@unr.edu

ABSTRACT

The National Strategy to Secure Cyberspace spurred the development of the Essential
Body of Knowledge (EBK) for Information Technology Security. The key feature of
this security tool is its ability to act as a framework for analyzing institutional security
training needs and managing security workforce development. This is accomplished
through a series of steps that map security personnel roles, competency areas, and
functional perspectives to an industry accepted matrix of organizational security
needs. By capturing the human resource and functional elements of security, the EBK
acts as a distillation of best practice, laid out in generic form ready for
implementation across a wide spectrum of organizations. This paper introduces the
EBK, explains its form and content, and demonstrates how to transition from the
generic framework to functional model that is useful in determining organizational
security structure and helpful for managing security personnel training and future
security needs.

Explorative Assessment of Internet Hacking: An Agent-Based Modeling Approach

Zaiyong Tang, Salem State College, USA, ztang@salemstate.edu
Kallol Bagchi, University of Texas at El Paso, USA, kbagchi@utep.edu
Anurag Jain, Salem State College, USA, ajain@salamstate.edu

ABSTRACT

Internet hacking is fast becoming a significant threat not only to businesses, but
government entities, online communities, and individual Internet users as well. We
have built an agent-based model (ABM) to study the dynamics of Internet hacking.
Several factors that impact the adoption of Internet hacking are evaluated. Through
ABM simulations we explore the interactions of various types of Internet users along
with their hacking propensity and the resulting hacking trends. The simulations point
to several interesting outcomes. For instance, the hacking trend is greatly affected by
the quantum of law enforcement and by the influence of hackers on normal users. On
the other hand, the number of initial hackers and the degree of interaction do not
appear to be significant factors. In addition, the results of the simulation illustrate the
impact of the mass media and of “hacking websites” on Internet hacking trends.

Expert Opinion

Interview with: Ravi Pakala, Manager, FIS (Fidelity National Information Systems)

Conducted by Choton Basu, University of Wisconsin-Whitewater, basuc@uww.edu

Book Review

The Big Switch: Rewiring the World, from Edison to Google

Nicholas Carr, W. W. Norton and Co. ISBN-10: 0393062287

Reviewed by L. Roger Yin, University of Wisconsin-Whitewater, yinl@uww.edu

Nicholas Carr, the journalist who brought us the much-debated “Does IT matter?” has
linked the “plug-in” phenomenon between power grid and Internet. In his book, The
Big Switch, Carr asserts that we have moved again from distributed mode of
computing to the mode that “just let those guys run the power grid/Internet to take
care for us.” As our dependence on service providers like Google continues to grow,
Google the company has quietly carried out its business agenda to become the one-stop
shopping from all computing needs we ever could desire. As self-important as it
may seem, but Google has become a strong candidate of a new monopoly and there is
very little we can reverse that trend.

VOL. 5, No. 3, 2009

Editorial Preface

Innovation, Technology and Game-Changers

Choton Basu, University of Wisconsin-Whitewater, basuc@uww.edu

In this third issue of the Journal of Information Privacy & Security (JIPS), three articles, one expert opinion, and one book review are included. In the first article, authors Alex Mills and co-authors present a unique look at Twitter as a unique service that offers great potential for rapid and integrated response to disasters. The authors also explore the upsides and the downsides of this free service as a modern communications tool in the hands of disaster response professionals, government agencies, crisis management organizations (CMOs), organizations, and victims of disasters. This article begins a series on web 2.0 technologies that are becoming game-changers in various scenarios.

WEB 2.0 EMERGENCY APPLICATIONS: HOW USEFUL CAN TWITTER BE FOR EMERGENCY RESPONSE?

Alexander Mills, The State University of New York, USA
admills@buffalo.edu
Rui Chen, Ball State University, USA
rchen3@bsu.edu
JinKyu Lee, Oklahoma State University, USA
Jinkyu_lee@hotmail.com
H. Raghav Rao, The State University of New York, USA
mgmtrao@buffalo.edu

ABSTRACT

Twitter is a free, platform-independent, Web 2.0 communication application that allows users to send short (up to 140 characters) electronic messages to other individual users and user groups. Twitter users can send messages to one another via most internet-enabled devices capable of text messaging. This new and unique service offers great potential for rapid and integrated response to disasters. We explore the upsides and the downsides of this free service as a modern communications tool in the hands of disaster response professionals, government agencies, crisis management organizations (CMOs), organizations, and victims of disasters.

A Framework of Using Captive Insurance to Streamline IT Control and Compliance Management

Xia Zhao, University of North Carolina at Greensboro
x_zhao3@uncg.edu
Ling Xue, University of Scranton
xuel2@scranton.edu

ABSTRACT

To streamline IT compliance management and reduce the compliance cost, large companies need to address the issues of incentive and information. This article proposes a framework which illustrates how companies can use a risk management approach - captive insurance - to resolve these issues and ultimately achieve cost-efficient IT compliance management.

Quest for Universal Identification – A Commentary

Choton Basu, The University of Wisconsin-Whitewater, USA
basuc@uww.edu

ABSTRACT

This short article is presented as a commentary on trying to understand the underlying impacts of social media and related technologies on privacy and security issues. The focus of this paper is particularly on the individuals and the concept of universal identity (UI) that indirectly results due to the participation in these incredibly pervasive technologies and communication platforms. The author discusses particular features on various sites, socialization and incorporates inputs from interviews and secondary data to support this premise. Finally, lists of key research questions are identified throughout the commentary for future research.

Expert Opinion

Interview with: Rhommer Varilla, Managing Director and VP of Services, SysLogic Inc.
Conducted by Choton Basu, University of Wisconsin-Whitewater, basuc@uww.edu

Book Review

Personality Not Included: Why Companies Lose Their Authenticity – And How Great Brands Get It Back

Rohit Bhargava, McGraw Hill, ISBN: 978-0-07-154521-2

Reviewed by Choton Basu, University of Wisconsin-Whitewater, basuc@uww.edu

“Personality Matters.” This is the theme of this delightful book written by Rohit Bhargava. The author has several years of experience in the business of marketing and has tried to position this book at the intersection of Marketing and Business Books on one side and Blogging, Social Media books on the other. The book is directed at people looking for something fresh in the world of marketing in the world of Web 2.0 technologies. In this book Bhargava takes branding to new heights by making a compelling case for brands to develop strong personalities. His premise hinges on the fact that most “organizations hide their personality behind layers of packaged messaging and advertising.” In Personality Not Included, Bhargava counters this situation by providing tools, techniques, and several examples of how to redefine these companies in the new customer universe.

VOL. 5, No. 4, 2009

Editorial Preface

Privacy Governance, Law, and Growth Perspective in Security

Chuleeporn Changchit, Texas A&M University – Corpus Christi, chuleeporn.changchit@tamucc.edu

This issue includes three articles, one interview and one book review. In this issue, two articles focus on security and one article analyzes the legal framework of the COPA law while focusing on discerning the vulnerabilities of privacy protection for teens. This issue presents articles with compound views in the area of security and privacy. The articles expose research that provides specific, technical information which induces further opportunities for practitioners within the IT security field.

Security and Privacy Governance: Criteria for Systems Design

Jan Guynes Clark, The University of Texas at San Antonio, USA
jan.clark@utsa.edu
Nicole Lang Beebe, The University of Texas at San Antonio, USA
nicole.beebe@utsa.edu
Karen Williams, The University of Texas at San Antonio, USA
karen.williams@utsa.edu
Linda Shepherd, The University of Texas at San Antonio, USA
linda.shepherd@utsa.edu

ABSTRACT

Security and privacy issues are often an afterthought when it comes to systems design. However, failure to address these issues during analysis and design could result in catastrophic effects such as an erosion of trust among those in the stakeholder community once a loss of privacy is experienced, along with the additional expenditures that are necessary to secure a system that has been compromised. We present a conceptual model for creating subsystems of security and privacy governance that are integral parts of the system architecture. Additionally, we propose that knowledge created or acquired during the development and use of the system, especially knowledge about security and privacy, be well documented and stored within a Knowledge Management System (KMS). Viewing, updating, and manipulating the knowledge database throughout the life of the system can enhance its success. In addition, as a knowledge repository, a KMS can contribute to best practices in the development of future systems.

Protecting Adolescents’ Personal Information Online: Constraints and Parameters

Deborah M. Gray, Central Michigan University, USA
chubb1dm@cmich.edu
Linda Christiansen, Indiana University Southeast, USA
lchristi@ius.edu

ABSTRACT

Cable News Network recently reported that today’s children will spend an average of 23 years of their lifetime connected to the Internet. The Department of Education reports that 100% of teens today have Internet access at school. Currently, no laws protecting teens from the collection of their personal data (known or unknown) while online exist. The personal information they post today can be collected today—or 20 years from now and can be used against them when they seek employment or apply for health insurance. This study examines the issue of adolescent consumer privacy protection from the perspective of those entities responsible for protecting and educating them about safe Internet use (educators, marketers, and policy makers). An analysis of transcripts from an expert panel (collected via telephone interview) is used to determine who is responsible for protecting teens’ privacy and how to accomplish this task.

Growth Perspective of Information Security

Randall Young, University of Texas – Pan American, USA
YoungRF@utpa.edu

ABSTRACT

Organizations are expected to manage the overall information security posture through various information security evaluation methodologies. Current information security evaluation methodologies have limitations which are discussed. This paper utilizes benchmark variables to examine a stages-of-growth perspective of the information security function. Findings show correlation between six of the eight benchmark variables. The findings also show a positive relationship between the number of information security policies and more advanced stages of information security posture. The results shed light on the current state of information security in organizations.

Expert Opinion

Interview with: Uday Awasthi, Project Manager, Sun Microsystems

Conducted by Choton Basu, University of Wisconsin-Whitewater, basuc@uww.edu

Book Review

Disrupting Class: How Disruptive Innovation Will Change the Way the World Learns

Clayton M. Christensen, Michael B. Horn and Curtis W. Johnson, McGraw Hill, ISBN: 978-0-07-159206-2

Reviewed by Choton Basu, University of Wisconsin-Whitewater, basuc@uww.edu

This book does a remarkable job correctly identifying the major issues facing education and the disruptive technologies and approaches that will define learning in the future. This book deals with a very important theme that is perhaps “the issue” of the decade, i.e. improving education. However, this book takes a different approach to this all-important subject by focusing on models, approach, powerful technologies and most importantly, innovation to look at the problem. The authors demonstrate very early in the book that the challenges facing our education process are not due to lack of funding, absence of technology, teaching models or other reasons. Instead the problem lies in the fundamental underlying approach to learning. They emphasize the need to motivate the students and develop an environment that is able to answer the most important question – standardized teaching or customized learning?